eGenix pyOpenSSL Distribution 0.13.10 GA

eGenix pyOpenSSL Distribution 0.13.10 GA

eGenix is pleased to announce the eGenix pyOpenSSL Distribution 0.13.10 for Python 2.4 - 2.7, with source, OpenSSL libraries, CA bundles and binaries for Windows, Linux, Mac OS X and FreeBSD.

Introduction

The eGenix.com pyOpenSSL Distribution includes everything you need to get started with SSL in Python. It comes with an easy to use installer that includes the most recent OpenSSL library versions in pre-compiled
form, making your application independent of OS provided OpenSSL libraries:

>>>   eGenix pyOpenSSL Distribution Page

pyOpenSSL is an open-source Python add-on that allows writing SSL-aware networking applications as as certificate managment tools. It uses the OpenSSL library as performant and robust SSL engine.

OpenSSL is an open-source implementation of the SSL/TLS protocol.

News

This new release of the eGenix.com pyOpenSSL Distribution includes the following updates:

New in OpenSSL

  • Updated included OpenSSL libraries from OpenSSL 1.0.1n to 1.0.1o, which fixes an ABI incompatibility introduced in OpenSSL 1.0.1n.

These were the updates in eGenix pyOpenSSL 0.13.9, which we released on 2015-06-12:

New in eGenix pyOpenSSL

  • Fixed a bug in the build process which resulted in the CA bundle files not get installed in the OpenSSL/ package dir.
  • Added a work-around for recent pip versions not showing the installer output, causing an apparently hanging installation process. The installer will now use a timeout when entering the crypto confirmation and report how to fix the problem (by using an environment variable EGENIX_CRYPTO_CONFIRM for confirmation).
  • Updated the Mozilla CA root bundle to version 2015-04-22.
  • Various minor fixes to the web installer to make installations on Linux and FreeBSD more robust, having pip uninstall not remove the .pyc/.pyo files, intermittent error causing a source installation in some rare cases.

New in OpenSSL

  • Updated included OpenSSL libraries from OpenSSL 1.0.1m to 1.0.1n. See https://www.openssl.org/news/secadv_20150611.txt for a complete list of changes. The following fixes are relevant for pyOpenSSL applications:
    • Logjam attack: OpenSSL 1.0.1n includes DHE man-in-the-middle downgrade protection.
    • CVE-2015-1788: Possible infinite loop during client authentication, which can be used for Denial of Service (DoS) attacks.
    • CVE-2015-1789: X509_cmp_time does not properly check the length of the ASN1_TIME string and can read a few bytes out of bounds, which can lead to a segmentation fault.
    • CVE-2015-1790: The PKCS#7 parsing code does not handle missing inner EncryptedContent correctly, which can lead to a NULL pointer dereference on parsing.
    • CVE-2015-1792: When verifying a signedData message the CMS code can enter an infinite loop if presented with an unknown hash function OID.
    • CVE-2015-1791: If a NewSessionTicket is received by a multi-threaded client when attempting to reuse a previous ticket then a race condition can occur potentially leading to a double free of the ticket data.

Please see the product changelog for the full set of changes.

pyOpenSSL / OpenSSL Binaries Included

In addition to providing sources, we make binaries available that include both pyOpenSSL and the necessary OpenSSL libraries for all supported platforms: Windows, Linux, Mac OS X and FreeBSD, for x86 and x64.

To simplify installation, we have uploaded a web installer to PyPI which will automatically choose the right binary for your platform, so a simple

pip install egenix-pyopenssl

will get you the package with OpenSSL libraries installed. Please see our installation instructions for details.

We have also added .egg-file distribution versions of our eGenix.com pyOpenSSL Distribution for Windows, Linux and Mac OS X to the available download options. These make setups using e.g. zc.buildout and other egg-file based installers a lot easier.

Downloads

Please visit the eGenix pyOpenSSL Distribution page for downloads, instructions on installation and documentation of the package.

Upgrading

Before installing this version of pyOpenSSL, please make sure that you uninstall any previously installed pyOpenSSL version. Otherwise, you could end up not using the included OpenSSL libs.

More Information

For more information on the eGenix pyOpenSSL Distribution, licensing and download instructions, please write to sales@egenix.com.

Enjoy !

Marc-Andre Lemburg, eGenix.com

Published: 2015-06-16